RIVERSIDE COMMUNITY HOSPITAL

Report ID: WZ6R11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure all patient protected health information (PHI) was kept protected, when Patient A's operative report was inadvertently faxed to the wrong fax number. This resulted in the unauthorized disclosure of Patient A's PHI and the potential for misuse of the information. Findings:On December 9. 2014, at 2:30 p.m., an interview was conducted with the Health Insurance Portability and Accountability Act (HIPAA) Manager. The Manager stated on November 20, 2014, a medical records employee changed a physician's fax number (at his request) and sent Patient A's operative report to the requested fax number. The Manager stated the fax was received by an unintended recipient, who notified the facility about the error on November 20, 2014. The unintended recipient received and had the opportunity to view a document that contained Patient A's name, date of birth, age, admission date, date of surgery, medical record and account numbers, and information related to the patient's operative procedure. Patient A was informed of the disclosure of her protected health information (PHI) via a letter dated and mailed on November 26, 2014. The facility policy and procedure titled "Safeguarding Protected Health Information" reviewed/revised September 23, 2013, revealed "... To facilitate compliance with the Health Insurance Portability and Accountability Act...must take reasonable steps to safeguard and protect PHI...When faxing PHI, workforce members should take appropriate safeguards..Verify the fax number before sending...Double check the fax number entered before sending..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 2IRT11.01, T8EZ11.01